Application level gateway based on universal parser
Abstract
An Application Level Gateway (ALG) based on a universal parser, in a data transmission network. This ALG enables all data flow of an application level protocol to be checked for concordance with the formal syntax description of the data transmission protocol, and with a security policy. The ALG contains a transmission controller, universal parser, and at least one parser plug-in for each universal parser. This parser plug-in is specific to the data transmission protocol, and can be automatically created from the formal syntax description of a data transmission protocol. A security policy (rules, restrictions) can be implemented in the parser plug-in and/or in the settings.
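The arrangement the abstract describes, as an added Python illustration that is not taken from the patent: a protocol-independent matcher (`match`) interprets a syntax description supplied as data (`TOY_PLUGIN`), and `validate` then applies restrictions held in settings (`POLICY`). The toy protocol, its rule notation and every name here are assumptions made for this example.

```python
import re

# Plug-in for a constructed toy protocol (not from the page). Rule forms:
# ("lit", s) | ("re", pattern) | ("ref", name) | ("seq", ...) | ("alt", ...)
TOY_PLUGIN = {
    "client": ("seq", ("ref", "command"), ("lit", "\r\n")),
    "command": ("alt", ("ref", "get"), ("ref", "put"), ("lit", "QUIT")),
    "get": ("seq", ("lit", "GET "), ("ref", "name")),
    "put": ("seq", ("lit", "PUT "), ("ref", "name"), ("lit", " "), ("ref", "size")),
    "name": ("re", r"[A-Za-z0-9_.-]{1,64}"),
    "size": ("re", r"[0-9]{1,9}"),
    "server": ("seq", ("re", r"[2-5][0-9]{2} [ -~]{0,200}"), ("lit", "\r\n")),
}
POLICY = {"deny_rules": {"put"}, "max_size": 1024}  # constructed settings

def match(g, rule, data, pos, caps):
    """Protocol-independent core: end offset if rule matches at pos, else None."""
    kind, args = rule[0], rule[1:]
    if kind == "lit":
        return pos + len(args[0]) if data.startswith(args[0], pos) else None
    if kind == "re":
        m = re.compile(args[0]).match(data, pos)
        return m.end() if m else None
    if kind == "ref":
        if (end := match(g, g[args[0]], data, pos, caps)) is not None:
            caps.append((args[0], data[pos:end]))  # record which rule matched
        return end
    if kind == "seq":
        for sub in args:
            if (pos := match(g, sub, data, pos, caps)) is None:
                return None
        return pos
    for sub in args:  # "alt": ordered choice, undo captures on backtrack
        mark = len(caps)
        if (end := match(g, sub, data, pos, caps)) is not None:
            return end
        del caps[mark:]
    return None

def validate(g, direction, message, policy):
    """Syntax check against the plug-in first, then the policy restrictions."""
    caps = []
    if match(g, g[direction], message, 0, caps) != len(message):
        return ("drop", "syntax")
    fields = dict(caps)
    if policy["deny_rules"].intersection(fields):
        return ("drop", "policy: rule denied")
    if int(fields.get("size", 0)) > policy["max_size"]:
        return ("drop", "policy: size limit")
    return ("pass", "ok")
```

Supporting another protocol means supplying a different rule dictionary; `match` and `validate` stay unchanged, and a message is passed only if the whole of it is consumed by the grammar.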
22 Claims

1. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
a) a transmission controller for controlling data flow between the ALG, a server and a client;
b) a universal parser coupled to said transmission controller, for parsing all data flowing between said server and said client, and through the ALG; and
c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol;
said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol contained in said plug-in.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A method for enabling an Application Level Gateway (ALG) to validate protocols in a data transmission network, comprising:
i. providing an ALG between a server and a client in the network;
ii. configuring a universal parser and a parser plug-in in said ALG, for analyzing data flow of an application level protocol through said ALG, said parser plug-in containing a formal description of said data transfer protocol; and
iii. validating said data flow of application level protocol, by comparing data flowing through said ALG for compatibility with the formal syntax description of said data transmission protocol.
(Dependent claims: 9, 10, 11)

12. An Application Level Gateway (ALG) for providing protocol validation in a one-way simplex data transmission network, comprising:
a) a transmission controller for controlling data flow between a sender, the ALG and a receiver;
b) a universal parser coupled to said transmission controller, for parsing all data flowing between said sender and said receiver, and through the ALG; and
c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol;
said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

13. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
a) a transmission controller for controlling data flow between the ALG and a server;
b) a universal parser coupled to said transmission controller, for parsing all data flowing between the ALG and said server; and
c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol, said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

14. An Application Level Gateway (ALG) for providing protocol validation in a data transmission network, comprising:
a) a transmission controller for controlling data flow between the ALG and a client;
b) a universal parser coupled to said transmission controller, for parsing all data flowing between the ALG and said client; and
c) a parser plug-in, connected to said universal parser, said plug-in containing a formal syntax description of a predetermined data transmission protocol, said ALG is operable for providing protocol validation by comparing the parsed data with the formal syntax description of the predetermined data transmission protocol.

15. A method for providing validation of a predetermined protocol in an ALG, comprising:
parsing data flowing through the ALG;
determining compatibility with the predetermined protocol by comparing the parsed data with a pluggable format syntax description of the predetermined protocol.
(Dependent claims: 16, 17, 18)

19. A system for validating a response from a client computer, relative to a request from a server computer, the system comprising:
an Application Level Gateway (ALG) configured to parse the client response, compare the parsed response with a plug-in module containing a syntax description of a predetermined protocol, and based on the comparison ascertain whether the client response is valid with respect to the predetermined protocol.
(Dependent claims: 20)

21. A system for validating an output from a server computer, the system comprising:
an Application Level Gateway (ALG) configured to parse the server output, compare the server output with a plug-in module containing a syntax description of a predetermined protocol, and based on the comparison ascertain whether the server output is valid with respect to the predetermined protocol.
(Dependent claims: 22)

Specification